Error saving the contact ! Insufficient access: so_ldap: 520

psychoslave 2014-03-18 14:42:25 UTC #1

(details on the configuration bellow)

I try to use LDAP for storing login and contacts. I created an admin login and successfully logged in, but when I try to add a contact, the follwing error rises:
Error saving the contact !!! Insufficient access: so_ldap: 520

Here is my configuration, within a wmware machine :

lsb_release -d

Description: Debian GNU/Linux 7.1 (wheezy)

dpkg -l ‘egroupware’

[…]
ii egroupware 1.8.006.20140307 all web-based groupware suite - metapackage

slapcat

dn: dc=example,dc=net
objectClass: top
objectClass: dcObject
objectClass: organization
o: example.net
dc: example
structuralObjectClass: organization
entryUUID: d1c976e6-3f5d-1033-97ae-c998ce2c654b
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314004627Z
entryCSN: 20140314004627.139299Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314004627Z

dn: cn=admin,dc=example,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9R1F3RnlmSDVRbHZ4NzBlTXVCZFJUUk95ZE1ydk8vcHM=
structuralObjectClass: organizationalRole
entryUUID: d1ccddcc-3f5d-1033-97af-c998ce2c654b
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314004627Z
entryCSN: 20140314004627.161597Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314004627Z

dn: ou=people,dc=example,dc=net
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
entryUUID: 614abd70-3f5e-1033-8a0e-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314005027Z
entryCSN: 20140314005027.900715Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314005027Z

dn: ou=groups,dc=example,dc=net
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: 614b3f34-3f5e-1033-8a0f-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314005027Z
entryCSN: 20140314005027.904036Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314005027Z

dn: ou=machines,dc=example,dc=net
objectClass: organizationalUnit
ou: machines
structuralObjectClass: organizationalUnit
entryUUID: 614bdb2e-3f5e-1033-8a10-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314005027Z
entryCSN: 20140314005027.908031Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314005027Z

dn: cn=Default,ou=groups,dc=example,dc=net
objectClass: top
objectClass: posixGroup
gidNumber: 1000
cn: Default
structuralObjectClass: posixGroup
entryUUID: 49008bd4-3f66-1033-8a11-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314014703Z
memberUid: demo
memberUid: demo2
memberUid: demo3
memberUid: admin
entryCSN: 20140314014703.565612Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314014703Z

dn: cn=Admins,ou=groups,dc=example,dc=net
objectClass: top
objectClass: posixGroup
gidNumber: 1001
cn: Admins
structuralObjectClass: posixGroup
entryUUID: 4913e4cc-3f66-1033-8a12-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314014703Z
memberUid: admin
entryCSN: 20140314014703.559618Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314014703Z

dn: uid=demo,ou=people,dc=example,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1002
uid: demo
gidNumber: 1000
givenName: Demo
sn: Account
cn: Demo Account
userPassword:: e21kNX1DRTREUTZCSWIvQlZNTjlzY0Z5THRBPT0=
shadowLastChange: 16143
homeDirectory: /dev/null
structuralObjectClass: inetOrgPerson
entryUUID: 4939e104-3f66-1033-8a13-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314014703Z
entryCSN: 20140314014703.498737Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314014703Z

dn: uid=demo2,ou=people,dc=example,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1003
uid: demo2
gidNumber: 1000
givenName: Demo2
sn: Account
cn: Demo2 Account
userPassword:: e21kNX1DRTREUTZCSWIvQlZNTjlzY0Z5THRBPT0=
shadowLastChange: 16143
homeDirectory: /dev/null
structuralObjectClass: inetOrgPerson
entryUUID: 493d2e54-3f66-1033-8a14-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314014703Z
entryCSN: 20140314014703.520371Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314014703Z

dn: uid=demo3,ou=people,dc=example,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1004
uid: demo3
gidNumber: 1000
givenName: Demo3
sn: Account
cn: Demo3 Account
userPassword:: e21kNX1DRTREUTZCSWIvQlZNTjlzY0Z5THRBPT0=
shadowLastChange: 16143
homeDirectory: /dev/null
structuralObjectClass: inetOrgPerson
entryUUID: 4940b646-3f66-1033-8a15-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314014703Z
entryCSN: 20140314014703.543516Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314014703Z

dn: uid=admin,ou=people,dc=example,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e21kNX1wM0p2TFQyeFMyNzQxcFVvdTBnL3VnPT0=
shadowLastChange: 16143
structuralObjectClass: inetOrgPerson
entryUUID: 4942bbe4-3f66-1033-8a16-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314014703Z
uidNumber: 1005
uid: admin
gidNumber: 1001
givenName: mathieu
sn: stumpf
mail: ms@tempo-consulting.fr
cn: mathieu stumpf
homeDirectory: /dev/null
entryCSN: 20140314084003.420498Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314084003Z

dn: ou=contacts,ou=people,dc=example,dc=net
objectClass: organizationalUnit
ou: contacts
structuralObjectClass: organizationalUnit
entryUUID: da5596b8-3f68-1033-8a17-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314020525Z
entryCSN: 20140314020525.943431Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314020525Z

dn: ou=personal,ou=contacts,ou=people,dc=example,dc=net
objectClass: organizationalUnit
ou: personal
structuralObjectClass: organizationalUnit
entryUUID: da55d286-3f68-1033-8a18-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314020525Z
entryCSN: 20140314020525.944963Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314020525Z

dn: cn=admin,ou=personal,ou=contacts,ou=people,dc=example,dc=net
objectClass: organizationalRole
cn: admin
structuralObjectClass: organizationalRole
entryUUID: da55fedc-3f68-1033-8a19-137c32c95d42
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20140314020525Z
entryCSN: 20140314020525.946098Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20140314020525Z

In http://host/egroupware/setup/config.php I set the values :

Select which type of authentication you are using: LDAP
Select where you want to store/retrieve user accounts: LDAP
Minimum account id (e.g. 500 or 100, etc.): 10000
Maximum account id (e.g. 65535 or 1000000): 20000
LDAP host: 127.0.0.1
LDAP accounts context: ou=people,dc=example,dc=net
LDAP groups context: ou=groups,dc=example,dc=net
LDAP rootdn: cn=admin,dc=example,dc=net
LDAP encryption type: md5
Do you want to manage homedirectory and loginshell attributes?: Yes
LDAP Default homedirectory prefix: /home
LDAP Default shell: /bin/bash

cat /usr/share/slapd/slapd.conf

This is the main slapd configuration file. See slapd.conf(5) for more

info on the configuration options.

#######################################################################

Global Directives:

Features to permit

#allow bind_v2

Schema and objectClass definitions

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/rfc2307bis.schema
include /etc/ldap/schema/inetorgperson.schema

Where the pid file is put. The init.d script

will not stop the server if you change this.

pidfile /var/run/slapd/slapd.pid

List of arguments that were passed to the server

argsfile /var/run/slapd/slapd.args

Read slapd.conf(5) for possible values

loglevel none

Where the dynamically loaded modules are stored

modulepath /usr/lib/ldap
moduleload back_@BACKEND@

The maximum number of entries that is returned for a search operation

sizelimit 500

The tool-threads parameter sets the actual amount of cpu’s that is used

for indexing.

tool-threads 1

#######################################################################

Specific Backend Directives for @BACKEND@:

Backend specific directives apply to this backend until another

‘backend’ directive occurs

backend @BACKEND@

#######################################################################

Specific Backend Directives for ‘other’:

Backend specific directives apply to this backend until another

‘backend’ directive occurs

#backend

#######################################################################

Specific Directives for database #1, of type @BACKEND@:

Database specific directives apply to this databasse until another

‘database’ directive occurs

database @BACKEND@

The base of your directory in database #1

suffix “@SUFFIX@”

rootdn directive for specifying a superuser on the database. This is needed

for syncrepl.

rootdn “cn=admin,@SUFFIX@”

Where the database file are physically stored for database #1

directory “/var/lib/ldap”

The dbconfig settings are used to generate a DB_CONFIG file the first

time slapd starts. They do NOT override existing an existing DB_CONFIG

file. You should therefore change these settings in DB_CONFIG directly

or remove DB_CONFIG and restart slapd for changes to take effect.

For the Debian package we use 2MB as default but be sure to update this

value if you have plenty of RAM

dbconfig set_cachesize 0 2097152 0

Sven Hartge reported that he had to set this value incredibly high

to get slapd running at all. See http://bugs.debian.org/303057 for more

information.

Number of objects that can be locked at the same time.

dbconfig set_lk_max_objects 1500

Number of locks (both requested and granted)

dbconfig set_lk_max_locks 1500

Number of lockers

dbconfig set_lk_max_lockers 1500

Indexing options for database #1

#index objectClass eq

index default eq
index objectClass eq
index phpgwContactOwner pres,eq,sub
index uidNumber pres,eq

Save the time that the entry gets modified, for database #1

lastmod on

Checkpoint the BerkeleyDB database periodically in case of system

failure and to speed slapd shutdown.

checkpoint 512 30

The userPassword by default can be changed

by the entry owning it if they are authenticated.

Others should not be able to see it, except the

admin entry below

These access lines apply to database #1 only

access to attrs=userPassword,shadowLastChange
by dn="@ADMIN@" write
by anonymous auth
by self write
by * none

Ensure read access to the base for things like

supportedSASLMechanisms. Without this you may

have problems with SASL not knowing what

mechanisms are available and the like.

Note that this is covered by the ‘access to *’

ACL below too but if you change that as people

are wont to do you’ll still need this if you

want SASL (and possible other things) to work

happily.

access to dn.base="" by * read

The admin dn has full write access, everyone else

can read everything.

access to *
by dn="@ADMIN@" write
by * read

For Netscape Roaming support, each user gets a roaming

profile for which they have write access to

#access to dn=".*,ou=Roaming,o=morsnet"

by dn="@ADMIN@" write

by dnattr=owner write

#######################################################################

Specific Directives for database #2, of type ‘other’ (can be @BACKEND@ too):

Database specific directives apply to this databasse until another

‘database’ directive occurs

#database

The base of your directory for database #2

#suffix “dc=debian,dc=org”

Egroupware support

include/etc/ldap/schema/phpgwaccount.schema
include/etc/ldap/schema/phpgwcontact.schema

As you can see from this commented line :

include /etc/ldap/schema/rfc2307bis.schema

I also tried with this schema, following the instructions in egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid structural object class chain (posixGroup/groupOfNames)
_####### 36.15% eta none elapsed none spd 95.4 k/s
Closing DB…

Finaly I tried with schemas that I retrieved from a fedora package[1] :
include /etc/ldap/schema/phpgwaccount.schema
include /etc/ldap/schema/phpgwcontact.schema

[1] ftp://ftp.pbone.net/mirror/ftp.sourceforge.net/pub/sourceforge/e/eg/egroupware/OldFiles/eGroupWare-1.2RC8.FC4-1.noarch.rpm

Please tell me if more information could help.

Kind regards

Ralf_Becker_Stylite 2014-03-18 18:56:33 UTC #2

Hi,

I hope your are prepared to quickly change all these passwords you posted!

They are just base64 encoded md5 hashes!

(details on the configuration bellow)

I try to use LDAP for storing login and contacts. I created an admin login
and successfully logged in, but when I try to add a contact, the follwing
error rises:
Error saving the contact !!! Insufficient access: so_ldap: 520

It means LDAP credentials you entered in Setup >> Configuration as
LDAP rootdn and LDAP root password do NOT have necessary rights to
create new accounts.

I take you entered ldap rootdn and it’s password, to it should not be an
ACL problem. If not try that.

As you can see from this commented line :

include /etc/ldap/schema/rfc2307bis.schema

We support all sorts of LDAP schema and distributions. It’s a bit tricky
to tell what you can use not knowing which distro and version we are
talking about.

I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)

Looks like you can not use posixGroup and groupOfNames together.

_####### 36.15% eta none elapsed none spd 95.4
k/s
Closing DB…

Finaly I tried with schemas that I retrieved from a fedora package[1] :
include /etc/ldap/schema/phpgwaccount.schema
include /etc/ldap/schema/phpgwcontact.schema

They are old schemas we no longer use …

Please tell me if more information could help.

I can only give you general pointers here.

I recommend to use LDAP only if you know it well and you really need it!

Ralf

Ralf Becker
Director Software Development

Stylite AG

Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30

Email: rb@stylite.de

www.stylite.de | www.egroupware.org

Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer

VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany

Mathieu_Stumpf 2014-03-19 08:02:19 UTC #3

Hi,

I hope your are prepared to quickly change all these passwords you posted!

No problem, it’s just a VM I use for tests.

They are just base64 encoded md5 hashes!

(details on the configuration bellow)

I try to use LDAP for storing login and contacts. I created an admin login
and successfully logged in, but when I try to add a contact, the follwing
error rises:
Error saving the contact !!! Insufficient access: so_ldap: 520
It means LDAP credentials you entered in Setup >> Configuration as
LDAP rootdn and LDAP root password do NOT have necessary rights to
create new accounts.

I take you entered ldap rootdn and it’s password, to it should not be an
ACL problem. If not try that.

As far as I understand, yes I gave the ldap “rootdn” I provided
"cn=admin,dc=example,dc=net", and slapcat return this:

As you can see from this commented line :

include /etc/ldap/schema/rfc2307bis.schema

We support all sorts of LDAP schema and distributions. It’s a bit tricky
to tell what you can use not knowing which distro and version we are
talking about.
I thought I provided this information, it’s a virtualbox VM running Debian : # lsb_release -d
Description: Debian GNU/Linux 7.1 (wheezy)

I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)
Looks like you can not use posixGroup and groupOfNames together.

Here is how I tried to do that :

cd egroupware/phpgwapi/doc/ldap/

my.ldif
php ./nis2rfc2307bis.php my.ldif> new.ldif
service slapd stop
mkdir /tmp/ldap
mv /var/lib/ldap/*/tmp/
slapadd-l new.ldif

I probably shourd edit new.ldif, I will test that and let you know the result.

_####### 36.15% eta none elapsed none spd 95.4
k/s
Closing DB…

Finaly I tried with schemas that I retrieved from a fedora package[1] :
include /etc/ldap/schema/phpgwaccount.schema
include /etc/ldap/schema/phpgwcontact.schema
They are old schemas we no longer use …

Yes that’s what I red in egroupware/phpgwapi/doc/ldap/README

Please tell me if more information could help.
I can only give you general pointers here.

I recommend to use LDAP only if you know it well and you really need it!

I’m reading documentation on LDAP, I will really need it.

Thank you for your pointers.

Ralf

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users

–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Mathieu_Stumpf 2014-03-19 08:50:24 UTC #4

I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)
Looks like you can not use posixGroup and groupOfNames together.

Here is how I tried to do that :
cd egroupware/phpgwapi/doc/ldap/

my.ldif
php ./nis2rfc2307bis.php my.ldif> new.ldif
service slapd stop
mkdir /tmp/ldap
mv /var/lib/ldap/*/tmp/
slapadd-l new.ldif

I probably shourd edit new.ldif, I will test that and let you know the result.

So here is what I tried :

# grep -vi "groupofnames" new.ldif >posixGrouped.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posixGrouped.ldif
53235f3b Entry (cn=Default,ou=groups,dc=example,dc=net), attribute
'member' not allowed
slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62): (65)
attribute 'member' not allowed
_#######               35.90% eta   none elapsed            none
spd  91.0 k/s
Closing DB...
# grep -v "member" posixGrouped.ldif >posix_group_no_member.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posix_group_no_member.ldif
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...
# service slapd start
Starting OpenLDAP: slapd failed!
# tail /var/log/syslog|grep slapd
Mar 14 21:12:46 D29 slapd[6400]: @(#) $OpenLDAP: slapd  (Apr 23 2013
12:16:04)
$#012#011root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Mar 14 21:12:46 D29 slapd[6401]: hdb_db_open: database
"dc=example,dc=net": alock package is unstable.
Mar 14 21:12:46 D29 slapd[6401]: backend_startup_one (type=hdb,
suffix="dc=example,dc=net"): bi_db_open failed! (-1)
Mar 14 21:12:46 D29 slapd[6401]: slapd stopped.

So here I’m stuck for the moment, I go back to my LDAP documentation.

Mathieu_Stumpf 2014-03-20 08:47:18 UTC #5

I tried to add this line to my config file (I changed
/usr/share/slapd/slapd.conf that I suppose to be the used config file ) :

access to * by * write

and restarted slapd and apache2 (just to be sure). But when I try to add
a contact it still results into a Insufficient access: so_ldap: 520

I thought that adding this rule would bypass any write problem.

Note that here I just want to be able to test groupdav synchronisation
while using ldap as db for contacts and users,
having a sane security configuration is not important for my tests (of
course having one right now would avoid me
to postpone this task). So if someone could suggest me a way to simply
bypass write restrictions I would be grateful.

Kind regards,
mathieu

I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)
Looks like you can not use posixGroup and groupOfNames together.

Here is how I tried to do that :
cd egroupware/phpgwapi/doc/ldap/

my.ldif
php ./nis2rfc2307bis.php my.ldif> new.ldif
service slapd stop
mkdir /tmp/ldap
mv /var/lib/ldap/*/tmp/
slapadd-l new.ldif

I probably shourd edit new.ldif, I will test that and let you know the result.

So here is what I tried :
# grep -vi "groupofnames" new.ldif >posixGrouped.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posixGrouped.ldif
53235f3b Entry (cn=Default,ou=groups,dc=example,dc=net), attribute
'member' not allowed
slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62):
(65) attribute 'member' not allowed
_#######               35.90% eta   none elapsed            none
spd  91.0 k/s
Closing DB...
# grep -v "member" posixGrouped.ldif >posix_group_no_member.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posix_group_no_member.ldif
_#################### 100.00% eta   none elapsed            none
fast!
Closing DB...
# service slapd start
Starting OpenLDAP: slapd failed!
# tail /var/log/syslog|grep slapd
Mar 14 21:12:46 D29 slapd[6400]: @(#) $OpenLDAP: slapd  (Apr 23
2013 12:16:04)
$#012#011root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Mar 14 21:12:46 D29 slapd[6401]: hdb_db_open: database
"dc=example,dc=net": alock package is unstable.
Mar 14 21:12:46 D29 slapd[6401]: backend_startup_one (type=hdb,
suffix="dc=example,dc=net"): bi_db_open failed! (-1)
Mar 14 21:12:46 D29 slapd[6401]: slapd stopped.
So here I’m stuck for the moment, I go back to my LDAP documentation.

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users

–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Mathieu_Stumpf 2014-03-20 09:51:01 UTC #6

I also tried to add this line to my configuration file :

sasl-secprops none

But don’t seems to resolve my problem. Those said I’m not sure sasl is
really used on this box,
I didn’t made any special configuration to do so, and the official
repository installation of
egroupware for debian doesn’t seem to install needed packages to support
it :

# dpkg -l '*sasl*'
Desired=Unknown/Install/Remove/Purge/Hold
>
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>/ Name Version              Architecture         Description
+++-===============================-====================-====================-====================================================================
un  libauthen-sasl-perl <none>                                   
(no description available)
un  libsasl2 <none>                                    (no
description available)
ii  libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u amd64                Cyrus
SASL - authentication abstraction library
ii  libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u amd64               
Cyrus SASL - pluggable authentication modules
un  libsasl2-modules-gssapi-heimdal
<none>                                    (no description available)
un  libsasl2-modules-gssapi-mit
<none>                                    (no description available)
un  libsasl2-modules-ldap <none>                                   
(no description available)
un  libsasl2-modules-otp <none>                                   
(no description available)
un  libsasl2-modules-sql <none>                                   
(no description available)
un  sasl2-bin <none>                                    (no
description available)
# apt-cache search php sasl|cut -f1 -d\  |xargs dpkg -l
dpkg-query: no packages found matching php-auth-sasl
dpkg-query: no packages found matching php-net-imap
dpkg-query: no packages found matching php-net-smtp
dpkg-query: no packages found matching php5-sasl

I tried to add this line to my config file (I changed
/usr/share/slapd/slapd.conf that I suppose to be the used config file ) :
access to * by * write
and restarted slapd and apache2 (just to be sure). But when I try to
add a contact it still results into a Insufficient access: so_ldap: 520

I thought that adding this rule would bypass any write problem.

Note that here I just want to be able to test groupdav synchronisation
while using ldap as db for contacts and users,
having a sane security configuration is not important for my tests (of
course having one right now would avoid me
to postpone this task). So if someone could suggest me a way to simply
bypass write restrictions I would be grateful.

Kind regards,
mathieu
I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)
Looks like you can not use posixGroup and groupOfNames together.

Here is how I tried to do that :
cd egroupware/phpgwapi/doc/ldap/

my.ldif
php ./nis2rfc2307bis.php my.ldif> new.ldif
service slapd stop
mkdir /tmp/ldap
mv /var/lib/ldap/*/tmp/
slapadd-l new.ldif

I probably shourd edit new.ldif, I will test that and let you know the result.

So here is what I tried :
# grep -vi "groupofnames" new.ldif >posixGrouped.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posixGrouped.ldif
53235f3b Entry (cn=Default,ou=groups,dc=example,dc=net),
attribute 'member' not allowed
slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62):
(65) attribute 'member' not allowed
_#######               35.90% eta   none elapsed none spd  91.0 k/s
Closing DB...
# grep -v "member" posixGrouped.ldif >posix_group_no_member.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posix_group_no_member.ldif
_#################### 100.00% eta   none elapsed none fast!
Closing DB...
# service slapd start
Starting OpenLDAP: slapd failed!
# tail /var/log/syslog|grep slapd
Mar 14 21:12:46 D29 slapd[6400]: @(#) $OpenLDAP: slapd  (Apr 23
2013 12:16:04)
$#012#011root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Mar 14 21:12:46 D29 slapd[6401]: hdb_db_open: database
"dc=example,dc=net": alock package is unstable.
Mar 14 21:12:46 D29 slapd[6401]: backend_startup_one (type=hdb,
suffix="dc=example,dc=net"): bi_db_open failed! (-1)
Mar 14 21:12:46 D29 slapd[6401]: slapd stopped.
So here I’m stuck for the moment, I go back to my LDAP documentation.

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users

–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Ralf_Becker_Stylite 2014-03-20 11:09:16 UTC #7

HI Mathieu,

best way to debug LDAP problems is to set an increasing loglevel in
slapd.conf (restart slapd) and watch the log while reproducing your problem.

Error messages available to php are not always helpful.

Ralf

I also tried to add this line to my configuration file :
sasl-secprops none
But don’t seems to resolve my problem. Those said I’m not sure sasl is
really used on this box,
I didn’t made any special configuration to do so, and the official
repository installation of
egroupware for debian doesn’t seem to install needed packages to support
it :
# dpkg -l '*sasl*'
Desired=Unknown/Install/Remove/Purge/Hold
>
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>/ Name                            Version             
Architecture         Description
+++-===============================-====================-====================-====================================================================
un  libauthen-sasl-perl            
<none>                                    (no description available)
un  libsasl2                       
<none>                                    (no description available)
ii  libsasl2-2:amd64                2.1.25.dfsg1-6+deb7u
amd64                Cyrus SASL - authentication abstraction library
ii  libsasl2-modules:amd64          2.1.25.dfsg1-6+deb7u
amd64                Cyrus SASL - pluggable authentication modules
un  libsasl2-modules-gssapi-heimdal
<none>                                    (no description available)
un  libsasl2-modules-gssapi-mit    
<none>                                    (no description available)
un  libsasl2-modules-ldap          
<none>                                    (no description available)
un  libsasl2-modules-otp           
<none>                                    (no description available)
un  libsasl2-modules-sql           
<none>                                    (no description available)
un  sasl2-bin                      
<none>                                    (no description available)
# apt-cache search php sasl|cut -f1 -d\  |xargs dpkg -l
dpkg-query: no packages found matching php-auth-sasl
dpkg-query: no packages found matching php-net-imap
dpkg-query: no packages found matching php-net-smtp
dpkg-query: no packages found matching php5-sasl
I tried to add this line to my config file (I changed
/usr/share/slapd/slapd.conf that I suppose to be the used config file ) :
access to * by * write
and restarted slapd and apache2 (just to be sure). But when I try to
add a contact it still results into a Insufficient access: so_ldap: 520

I thought that adding this rule would bypass any write problem.

Note that here I just want to be able to test groupdav synchronisation
while using ldap as db for contacts and users,
having a sane security configuration is not important for my tests (of
course having one right now would avoid me
to postpone this task). So if someone could suggest me a way to simply
bypass write restrictions I would be grateful.

Kind regards,
mathieu
I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)
Looks like you can not use posixGroup and groupOfNames together.

Here is how I tried to do that :
cd egroupware/phpgwapi/doc/ldap/
slapcat > my.ldif
php ./nis2rfc2307bis.php my.ldif > new.ldif
service slapd stop
mkdir /tmp/ldap
mv /var/lib/ldap/* /tmp/
slapadd -l new.ldif

I probably shourd edit new.ldif, I will test that and let you know the result.

So here is what I tried :
# grep -vi "groupofnames" new.ldif >posixGrouped.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posixGrouped.ldif
53235f3b Entry (cn=Default,ou=groups,dc=example,dc=net),
attribute 'member' not allowed
slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62):
(65) attribute 'member' not allowed
_#######               35.90% eta   none elapsed            none
spd  91.0 k/s
Closing DB...
# grep -v "member" posixGrouped.ldif >posix_group_no_member.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posix_group_no_member.ldif
_#################### 100.00% eta   none elapsed            none
fast!        
Closing DB...
# service slapd start
Starting OpenLDAP: slapd failed!
# tail /var/log/syslog|grep slapd
Mar 14 21:12:46 D29 slapd[6400]: @(#) $OpenLDAP: slapd  (Apr 23
2013 12:16:04)
$#012#011root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Mar 14 21:12:46 D29 slapd[6401]: hdb_db_open: database
"dc=example,dc=net": alock package is unstable.
Mar 14 21:12:46 D29 slapd[6401]: backend_startup_one (type=hdb,
suffix="dc=example,dc=net"): bi_db_open failed! (-1)
Mar 14 21:12:46 D29 slapd[6401]: slapd stopped.
So here I’m stuck for the moment, I go back to my LDAP documentation.

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users

–
Ralf Becker
Director Software Development

Stylite AG

Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30

Email: rb@stylite.de

www.stylite.de | www.egroupware.org

Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer

VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany

Mathieu_Stumpf 2014-03-20 11:35:54 UTC #8

My current log level is 296

Here is what I use to read logs :

# grep slap /var/log/syslog
[...]
Mar 15 08:56:07 D29 slapd[8433]: slapd starting
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed

HI Mathieu,

best way to debug LDAP problems is to set an increasing loglevel in
slapd.conf (restart slapd) and watch the log while reproducing your problem.

Error messages available to php are not always helpful.

Ralf
I also tried to add this line to my configuration file :
 sasl-secprops none
But don’t seems to resolve my problem. Those said I’m not sure sasl is
really used on this box,
I didn’t made any special configuration to do so, and the official
repository installation of
egroupware for debian doesn’t seem to install needed packages to support
it :
 # dpkg -l '*sasl*'
 Desired=Unknown/Install/Remove/Purge/Hold
 >
 Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
 >/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
 >>/ Name                            Version
 Architecture         Description
 +++-===============================-====================-====================-====================================================================
 un  libauthen-sasl-perl
 <none>                                    (no description available)
 un  libsasl2
 <none>                                    (no description available)
 ii  libsasl2-2:amd64                2.1.25.dfsg1-6+deb7u
 amd64                Cyrus SASL - authentication abstraction library
 ii  libsasl2-modules:amd64          2.1.25.dfsg1-6+deb7u
 amd64                Cyrus SASL - pluggable authentication modules
 un  libsasl2-modules-gssapi-heimdal
 <none>                                    (no description available)
 un  libsasl2-modules-gssapi-mit
 <none>                                    (no description available)
 un  libsasl2-modules-ldap
 <none>                                    (no description available)
 un  libsasl2-modules-otp
 <none>                                    (no description available)
 un  libsasl2-modules-sql
 <none>                                    (no description available)
 un  sasl2-bin
 <none>                                    (no description available)
 # apt-cache search php sasl|cut -f1 -d\  |xargs dpkg -l
 dpkg-query: no packages found matching php-auth-sasl
 dpkg-query: no packages found matching php-net-imap
 dpkg-query: no packages found matching php-net-smtp
 dpkg-query: no packages found matching php5-sasl
I tried to add this line to my config file (I changed
/usr/share/slapd/slapd.conf that I suppose to be the used config file ) :
 access to * by * write
and restarted slapd and apache2 (just to be sure). But when I try to
add a contact it still results into a Insufficient access: so_ldap: 520

I thought that adding this rule would bypass any write problem.

Note that here I just want to be able to test groupdav synchronisation
while using ldap as db for contacts and users,
having a sane security configuration is not important for my tests (of
course having one right now would avoid me
to postpone this task). So if someone could suggest me a way to simply
bypass write restrictions I would be grateful.

Kind regards,
mathieu
I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)
Looks like you can not use posixGroup and groupOfNames together.
Here is how I tried to do that :
cd egroupware/phpgwapi/doc/ldap/
slapcat > my.ldif
php ./nis2rfc2307bis.php my.ldif > new.ldif
service slapd stop
mkdir /tmp/ldap
mv /var/lib/ldap/* /tmp/
slapadd -l new.ldif

I probably shourd edit new.ldif, I will test that and let you know the result.
So here is what I tried :
 # grep -vi "groupofnames" new.ldif >posixGrouped.ldif
 # rm -fr /var/lib/ldap/*
 # slapadd -l posixGrouped.ldif
 53235f3b Entry (cn=Default,ou=groups,dc=example,dc=net),
 attribute 'member' not allowed
 slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62):
 (65) attribute 'member' not allowed
 _#######               35.90% eta   none elapsed            none
 spd  91.0 k/s
 Closing DB...
 # grep -v "member" posixGrouped.ldif >posix_group_no_member.ldif
 # rm -fr /var/lib/ldap/*
 # slapadd -l posix_group_no_member.ldif
 _#################### 100.00% eta   none elapsed            none
 fast!
 Closing DB...
 # service slapd start
 Starting OpenLDAP: slapd failed!
 # tail /var/log/syslog|grep slapd
 Mar 14 21:12:46 D29 slapd[6400]: @(#) $OpenLDAP: slapd  (Apr 23
 2013 12:16:04)
 $#012#011root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
 Mar 14 21:12:46 D29 slapd[6401]: hdb_db_open: database
 "dc=example,dc=net": alock package is unstable.
 Mar 14 21:12:46 D29 slapd[6401]: backend_startup_one (type=hdb,
 suffix="dc=example,dc=net"): bi_db_open failed! (-1)
 Mar 14 21:12:46 D29 slapd[6401]: slapd stopped.
So here I’m stuck for the moment, I go back to my LDAP documentation.

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France
http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France
http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users

–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Ralf_Becker_Stylite 2014-03-20 19:30:14 UTC #9

None of these are an error

Ralf

My current log level is 296

Here is what I use to read logs :
# grep slap /var/log/syslog
[…]
Mar 15 08:56:07 D29 slapd[8433]: slapd starting
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:45 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:09:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (cn)
not indexed
Mar 15 09:24:46 D29 slapd[8433]: <= bdb_equality_candidates: (uid)
not indexed
HI Mathieu,

best way to debug LDAP problems is to set an increasing loglevel in
slapd.conf (restart slapd) and watch the log while reproducing your problem.

Error messages available to php are not always helpful.

Ralf
I also tried to add this line to my configuration file :
sasl-secprops none
But don’t seems to resolve my problem. Those said I’m not sure sasl is
really used on this box,
I didn’t made any special configuration to do so, and the official
repository installation of
egroupware for debian doesn’t seem to install needed packages to support
it :
# dpkg -l '*sasl*'
Desired=Unknown/Install/Remove/Purge/Hold
>
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>/ Name                            Version             
Architecture         Description
+++-===============================-====================-====================-====================================================================
un  libauthen-sasl-perl            
<none>                                    (no description available)
un  libsasl2                       
<none>                                    (no description available)
ii  libsasl2-2:amd64                2.1.25.dfsg1-6+deb7u
amd64                Cyrus SASL - authentication abstraction library
ii  libsasl2-modules:amd64          2.1.25.dfsg1-6+deb7u
amd64                Cyrus SASL - pluggable authentication modules
un  libsasl2-modules-gssapi-heimdal
<none>                                    (no description available)
un  libsasl2-modules-gssapi-mit    
<none>                                    (no description available)
un  libsasl2-modules-ldap          
<none>                                    (no description available)
un  libsasl2-modules-otp           
<none>                                    (no description available)
un  libsasl2-modules-sql           
<none>                                    (no description available)
un  sasl2-bin                      
<none>                                    (no description available)
# apt-cache search php sasl|cut -f1 -d\  |xargs dpkg -l
dpkg-query: no packages found matching php-auth-sasl
dpkg-query: no packages found matching php-net-imap
dpkg-query: no packages found matching php-net-smtp
dpkg-query: no packages found matching php5-sasl
I tried to add this line to my config file (I changed
/usr/share/slapd/slapd.conf that I suppose to be the used config file ) :
access to * by * write
and restarted slapd and apache2 (just to be sure). But when I try to
add a contact it still results into a Insufficient access: so_ldap: 520

I thought that adding this rule would bypass any write problem.

Note that here I just want to be able to test groupdav synchronisation
while using ldap as db for contacts and users,
having a sane security configuration is not important for my tests (of
course having one right now would avoid me
to postpone this task). So if someone could suggest me a way to simply
bypass write restrictions I would be grateful.

Kind regards,
mathieu
I also tried with this schema, following the instructions in
egroupware/phpgwapi/doc/ldap/README, but I ended with the following error:

slapadd -l new.ldif
slapadd: dn=“cn=Default,ou=groups,dc=example,dc=net” (line=62): (65) invalid
structural object class chain (posixGroup/groupOfNames)
Looks like you can not use posixGroup and groupOfNames together.
Here is how I tried to do that :
cd egroupware/phpgwapi/doc/ldap/
slapcat > my.ldif
php ./nis2rfc2307bis.php my.ldif > new.ldif
service slapd stop
mkdir /tmp/ldap
mv /var/lib/ldap/* /tmp/
slapadd -l new.ldif

I probably shourd edit new.ldif, I will test that and let you know the result.
So here is what I tried :
# grep -vi "groupofnames" new.ldif >posixGrouped.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posixGrouped.ldif
53235f3b Entry (cn=Default,ou=groups,dc=example,dc=net),
attribute 'member' not allowed
slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62):
(65) attribute 'member' not allowed
_#######               35.90% eta   none elapsed            none
spd  91.0 k/s
Closing DB...
# grep -v "member" posixGrouped.ldif >posix_group_no_member.ldif
# rm -fr /var/lib/ldap/*
# slapadd -l posix_group_no_member.ldif
_#################### 100.00% eta   none elapsed            none
fast!        
Closing DB...
# service slapd start
Starting OpenLDAP: slapd failed!
# tail /var/log/syslog|grep slapd
Mar 14 21:12:46 D29 slapd[6400]: @(#) $OpenLDAP: slapd  (Apr 23
2013 12:16:04)
$#012#011root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Mar 14 21:12:46 D29 slapd[6401]: hdb_db_open: database
"dc=example,dc=net": alock package is unstable.
Mar 14 21:12:46 D29 slapd[6401]: backend_startup_one (type=hdb,
suffix="dc=example,dc=net"): bi_db_open failed! (-1)
Mar 14 21:12:46 D29 slapd[6401]: slapd stopped.
So here I’m stuck for the moment, I go back to my LDAP documentation.

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France
http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France
http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
TeMPO Consulting
9, rue du Parc
67205 Oberhausbergen
France

http://www.tempo-consulting.fr
Tel : +33 3 88 56 82 17
Fax : +33 3 88 56 46 64

Learn Graph Databases - Download FREE O’Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users

–
Ralf Becker
Director Software Development

Stylite AG

Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30

Email: rb@stylite.de

www.stylite.de | www.egroupware.org

Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer

VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany